CVE-2020-23835

MEDIUM

SourceCodester Tailor Management System v1.0 - XSS

Title source: llm

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.

Exploits (1)

exploitdb WORKING POC

by boku · textwebappsphp

https://www.exploit-db.com/exploits/48813

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/boku7/tailorMS-rXSS-Keylogger

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48813

Scores

CVSS v3 6.4

EPSS 0.0213

EPSS Percentile 84.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Details

CWE

CWE-79

Status published

Products (1)

tailor_management_system_project/tailor_management_system 1.0

Published Sep 01, 2020

Tracked Since Feb 18, 2026